I am looking for sample test cases for all 10 vulnerabilities to exploit those scenarios. I would highly appreciate it if anyone would share, or share the link for, test cases for a web application with all 10 ...

Hello, I am considering installing OWASP mod_security CRS on Ubuntu 12.04.4, which comes with Apache 2.2.22. On the GitHub page I have seen many versions, but all tutorials were using 2.2.7
First I ...

I can't get to upload the stager file on the OWASPbwa document root
(/var/wwww/WackoPicko/users). I am not sure how to troubleshoot this error.
Any help on the issue will be appreciated. Thank you.
...

According to me, if this difference is correct, it is that for exploiting a broken access control you don't necessarily need to be logged into the application, but for exploiting insecure direct object ...

I have a list of 30 websites I have scanned. I need to pull out a report for each individual website. Is it possible to do? Right now I am just running a report and getting the results for all 30 and ...

I am trying to perform a simple penetration test on the DVWA (the web application that has been specifically designed to be vulnerable to some of the most common web application attacks).
I want to ...

I am learning at school about attack signatures on web applications (basically OWASP), but I do not understand what they really are in this context. Can anybody give me some good references where I ...

I'm using the OWASP EnDe web-based tool to understand nibbles and encoding in general. This online utility, in my knowledge, is the best free resource available for anyone who is interested to learn encoding ...

What is the best way of testing my firewall configuration, as I have deployed the Core Rule Set provided by the OWASP? But my rule configuration was giving me too many false positives, which I resolved ...

I am trying to establish an application security group within an organization, and although there is a plethora of courses for penetration testers, I fail to find an equal amount of training courses ...

I have a question regarding mod_security. I have installed mod_security on my server and OWASP core rule set. However, now people are having trouble when accessing my page.
For example, one problem ...

While developing TeamMentor I implemented a number of WebServices (consumed via jQuery) and now on its final push for release I want to double check that they are not vulnerable to CSRF.
There isn't ...

I am a member of the local ACM student chapter in my university and as part of our activities I am scheduled to give a talk on current issues on Web Application Security (and possibly secure coding ...

I'd like to set up OWASP WebGoat or a similar vulnerable web app in a VM (probably VirtualBox on Linux). For convenience's sake, I'd like to get it running on one of the primary machines I use (say, a ...